From: Sage Weil <sage@redhat.com>
Date: Thu, 6 Aug 2015 15:57:57 +0000 (-0400)
Subject: systemd: use --setuser and --setgroup for all daemons
X-Git-Tag: v9.1.0~294^2~10
X-Git-Url: http://git-server-git.apps.pok.os.sepia.ceph.com/?a=commitdiff_plain;h=8f3185bade4b67876ca305e2ce9238626796fb11;p=ceph.git

systemd: use --setuser and --setgroup for all daemons

Allow all daemons drop privilege themselves, instead of letting
systemd do it.

Among other things, this means that admins can conditionally not
drop prives by setting

  setuser match path = /var/lib/ceph/$type/$cluster-$id

in their ceph.conf to ease the pain of upgrade.

Signed-off-by: Sage Weil <sage@redhat.com>
Reviewed-by: Boris Ranto <branto@redhat.com>
---

diff --git a/systemd/ceph-mds@.service b/systemd/ceph-mds@.service
index e045ebba0aa..7e5a95e8c4e 100644
--- a/systemd/ceph-mds@.service
+++ b/systemd/ceph-mds@.service
@@ -7,9 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mds -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-mon@.service b/systemd/ceph-mon@.service
index 396cb84a18c..7ac9b8f2ec7 100644
--- a/systemd/ceph-mon@.service
+++ b/systemd/ceph-mon@.service
@@ -13,9 +13,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-User=ceph
-Group=ceph
-ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i
+ExecStart=/usr/bin/ceph-mon -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-osd@.service.in b/systemd/ceph-osd@.service.in
index 5c7f77c7fe7..fac1932f58f 100644
--- a/systemd/ceph-osd@.service.in
+++ b/systemd/ceph-osd@.service.in
@@ -8,7 +8,7 @@ PartOf=ceph.target
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
 ExecStart=/usr/bin/ceph-osd -f --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
-ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --setuser ceph --setgroup ceph --id %i
+ExecStartPre=/usr/libexec/ceph/ceph-osd-prestart.sh --cluster ${CLUSTER} --id %i --setuser ceph --setgroup ceph
 ExecReload=/bin/kill -HUP $MAINPID
 
 [Install]
diff --git a/systemd/ceph-radosgw@.service b/systemd/ceph-radosgw@.service
index 8a520aca30d..486cef889cb 100644
--- a/systemd/ceph-radosgw@.service
+++ b/systemd/ceph-radosgw@.service
@@ -7,7 +7,7 @@ PartOf=ceph.target
 [Service]
 EnvironmentFile=-/etc/sysconfig/ceph
 Environment=CLUSTER=ceph
-ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i
+ExecStart=/usr/bin/radosgw -f --cluster ${CLUSTER} --name client.%i --setuser ceph --setgroup ceph
 
 [Install]
 WantedBy=ceph.target